Sandworm Book Review

I while ago I finished Andy Greenberg’s Sandworm. Here’s my single-sentence review:

Couched within the fascinating journeys of real-world characters striving to understand the implications of our evolving cyber world, no other book provides as rich and accessible a discussion of cybersecurity, threat intelligence, critical infrastructure, and nation-state threat actors as Greenberg’s Sandworm.

I’ve read many of Greenberg’s articles over the years. I admire his breadth of coverage, and ability to take complex topics and prepare them for a popular – though tech literate – audience.

I appreciated that the book represents Greenberg’s personal journey to answer the question “who is Sandworm?”, making an easy journey for the reader as well. While I found myself laughing – and even shouting out loud – in agreement, I also frowned a time or two. As someone who spent a decade of his life dedicated to understanding and explaining the cyber threat to critical infrastructure, things that seemed obvious to me were sometimes revelations to Greenberg; and, several conclusions I thought were plain wrong. But knowing that he was simply (and eloquently) describing his journey encouraged my patience.

Greenberg seems naturally a people person – which contributes to the book’s accessibility. I was surprised and pleased by his effort to paint the personalities of the main cast of characters.

John Hultquist and I worked together on Sandworm-related threat intelligence at iSIGHT Partners (which acquired my firm Critical Intelligence in March 2015) and later FireEye. I ran the Attack team, and Hultquist ran the Espionage team. We offered complimentary coverage as I analyzed the industrial control aspects of Sandworm activities. When the electric transmission pylons serving Crimea were blown up in fall 2015, we collaborated to warn our customers that cyber attack against Ukraine utilities would be a likely Russian response. We presented together on the S4 Main Stage on the first Ukraine outage just weeks after it occurred. In Sandworm, I was pleased to see Hultquist’s own fascinating story presented to the world.

Rob Lee and I crossed paths many times over the course of his rise. I found Andy’s description of Rob excruciatingly accurate. Rob’s intelligence, contagious passion and persuasive ability has driven him to stardom, and attracted great talent into his firm, Dragos. Early on he invited me to join him, too. But I had an alternate vision of my future.

In all, I decided to make this book mandatory reading for students in my Critical Infrastructure Defense course. Students remember stories – and Sandworm provides rich context for exploration and application.  Plus, I have developed my own profound perspectives around these same events.

I created a Sandworm Discussion Guide, which you can find in the Curricular Materials section of my Web site at this link. Happy teaching!

Posted in Uncategorized.

Leave a Reply

Your email address will not be published. Required fields are marked *